Commission acts to protect Europe from cyber-attacks and disruptions

Electronic communication services and networks provide the backbone of the European economy. 93% of EU companies and 51% of Europeans actively used the internet in 2007. However, natural disasters, terrorist attacks, malicious human action and hardware failure can pose serious risks to Europe’s critical information infrastructures.

Recent large-scale attacks on Estonia, Lithuania and Georgia proved that essential electronic communication services and networks are under constant threat. Preparing Europe to act in case of major disruptions or attacks is the goal of a new strategy proposed today by the European Commission.

In 2007, after large-scale cyber attacks, the Estonian Parliament had to shut down its email system for 12 hours and two major Estonian banks had to stop their online services. There is a 10% to 20% probability that telecom networks will be hit by a major breakdown in the next 10 years, with a potential global economic cost of around €193 billion ($250 billion). This could be caused by natural disasters, hardware failures, rupture of submarine cables (there were 50 incidents recorded in the Atlantic Ocean in 2007 alone), as well as by human actions such as terrorism or cyber attacks, which are becoming more and more sophisticated.

Smooth functioning of communications infrastructures is vital for the European economy and society. Communications networks also underpin most of our activities in daily life. Purchases and sales over electronic networks amounted to 11% of total turnover of EU companies in 2007. 77% of businesses accessed banking services via the internet and 65% of companies used online public services.

In 2008, the number of mobile phone lines was equivalent to 119% of the EU population. Communications infrastructure also underpins the functioning of key areas from energy distribution and water supply to transport, finance and other critical services.

The Commission today called for action to protect these critical information infrastructures by making the EU more prepared for and resistant to cyber attacks and disruptions. At the moment Member States’ approaches and capacities differ widely. A low level of preparedness in one country can make others more vulnerable, while a lack of coordination reduces the effectiveness of countermeasures.

Viviane Reding, Commissioner for Information Society and Media, said:

“The Information Society brings us countless new opportunities and it is our duty to ensure that it develops on a solid and sustainable base. Europe must be at the forefront in engaging citizens, businesses and public administrations to tackle the challenges of improving the security and resilience of Europe’s critical information infrastructures. There must be no weak links in Europe’s cyber security.”

The European Commission wants all stakeholders, in particular businesses, public administrations and citizens to focus on the following issues:

Preparedness and prevention: fostering cooperation, exchange of information and transfer of good policy practices between Member States via a European Forum. Establishing a European Public-Private Partnership for Resilience, which will help businesses to share experience and information with public authorities. Both public and private actors should work together to ensure that adequate and consistent levels of preventive, detection, emergency and recovery measures are in place in all Member States.

Detection and response: supporting the development of a European information sharing and alert system.

Mitigation and recovery: stimulating stronger cooperation between Member States via national and multinational contingency plans and regular exercises for large-scale network security incident response and disaster recovery.

International cooperation: driving a Europe-wide debate to set EU priorities for the long-term resilience and stability of the Internet, with a view to proposing principles and guidelines to be promoted internationally.

Establish criteria for European critical infrastructure in the ICT sector: the criteria and approaches currently vary across Member States.

The Commission today invited the European Network and Information Security Agency (ENISA) to support this initiative by fostering a dialogue between all actors and the cooperation necessary at the European level.

Mr. Andrea Pirotti, Executive Director of ENISA, confirmed today the ability of the Agency to support the initiative of the Commission by strengthening its resources. Commenting on the communication, Mr. Pirotti clarified:

“ENISA is ready to pick up the gavel and support the European Commission in its efforts to address these crucial matters. The Agency is willing to do everything within its mandate to support all necessary actions of the EU and its Member States to combat these threats and to protect the economy of Europe, which, ultimately, may be at stake.”